Website clean up notification

system · 2017-07-04T16:36:14.000Z

Hello,
I have clean up my website portalcienciayficcion[.]com and now it’s free of viruses. However, Avast still warms about an infection if you try to visit it. How can I solve it, please? Can I ask for a review somewhere? Thanks in advance!!

Eddy · 2017-07-04T16:42:09.000Z

avast doesn’t warn about it being infected.
URL:Mal means the domain and/or IP is blocked or it has a link to one or more blacklisted websites.

Running scans at the moment, but first scan already shows that you are using outdated software which is a security risk.
https://sitecheck.sucuri.net/results/www.portalcienciayficcion.com

polonus · 2017-07-04T16:53:45.000Z

Website shows up different code to Google as Googlebot, that is suspicious and called cloaking: http://isithacked.com/check/http%3A%2F%2Fwww.portalcienciayficcion.com%2F (52 bytes difference).

SRI hashes not generated B-status: https://sritest.io/#report/ea972b33-456a-4b99-b45b-2ad2931296f4

And then this: http://retire.insecurity.today/#!/scan/3406a6bb382f55c11855c888ded3cc8fdc6f0a8abb4c353b4db69e008c593df8
About this particular script I wrote recently - XSS-Dom attack vulnerable: https://forum.avast.com/index.php?topic=204977.msg1406113#msg1406113 - could be because you used something like this: https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_input_type_hidden

In your website’s case, these were not shown: Rover Curiosity.jpg and Blade runner.jpg, that is all we know.

polonus

Eddy · 2017-07-04T17:15:25.000Z

Browser difference and other things :
https://www.websicherheit.at/website-malware-viren-scanner/?url=www.portalcienciayficcion.com

Blacklistings :
http://urlquery.net/report.php?id=1499184387908
https://www.virustotal.com/en/ip-address/62.149.140.146/information/

65(!) suspicious files :
https://quttera.com/detailed_report/www.portalcienciayficcion.com

My advise is to start solving the jquery issue and get dedicated hosting to start with.

polonus · 2017-07-04T17:21:35.000Z

Hi portalcienciayficcion,

I would like to join Eddy here on his advice, we both come to the same conclusions.

Fully update and patch and retire the vulnerable code library and indeed get dedicated hosting.

polonus

polonus · 2017-07-04T19:39:07.000Z

Just skimming over the links, I stumbled upon errors here: hxtp://www.portalcienciayficcion.com/modules/mod_yoo_search/mod_yoo_search.js

error: line:3: SyntaxError: missing ; before statement: error: line:3: * Copyright (C) 2007 - 2009 YOOtheme GmbH */ eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c error: line:3: ^

Vulnerability exploit could be targeted. Theme code has been hacked badly in the past (2016): https://yootheme.com/support/question/102557 could be PHISHING with script not flagged.

polonus

HonzaZ · 2017-07-05T09:19:29.000Z

Glad you cleaned it up. I am unblocking portalcienciayficcion[.]com, but please do follow others’ advice so you are less likely to be targeted (and blocked) in the future.

Announcements